7 matches found
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control ABAC. In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...
Remote code execution
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control ABAC. In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE...
Design/Logic Flaw
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control ABAC. In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...
CVE-2021-32835 Groovy Sandbox escape in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control ABAC. In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE...
CVE-2021-32835
CVE-2021-32835 affects Eclipse Keti, a service that enforces ABAC for REST APIs. The connected records identify a Groovy Sandbox escape vulnerability in Keti, which could allow post-authentication Remote Code Execution (RCE). The issue is linked to a commit (a1c8dbe) and is discussed in GHSL-2021...
CVE-2021-32834 Arbitrary Groovy script evaluation in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control ABAC. In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...
CVE-2021-32834
CVE-2021-32834 affects Eclipse Keti, a REST API protection service using ABAC. The vulnerability arises when a user who can create Policy Sets can submit malicious Groovy scripts that escape the Groovy sandbox, enabling arbitrary code execution. Reported CVSS details exist across sources (e.g., N...